author | Richard Levitte <levitte@openssl.org> | 2020-01-07 11:49:08 +0100 |
committer | Richard Levitte <levitte@openssl.org> | 2020-01-08 22:30:54 +0100 |
commit | e0d8523e801b7a1fcdda698f9c28dd7a0617cd02 (patch) | |
tree | 6e02db1b8e58c02ef1327b099f557969d2d32bdd /crypto/evp/m_sigver.c | |
parent | nmake: fix install_html_docs target (diff) | |
EVP: If a key can't be exported to provider, fallback to legacy
Currently, the operations that try to export a legacy key to a
provider fail if the export fails. It makes more sense to simply use
the legacy method instead, as a fallback for things not (yet)
implemented in a provider.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10771)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r-- | crypto/evp/m_sigver.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 7a21f680b9..9d12e9b96a 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -104,6 +104,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
     locpctx->op.sig.signature = signature;
+    provkey =
+        evp_keymgmt_export_to_provider(locpctx->pkey, locpctx->keymgmt, 0);
+    /* If export failed, legacy may be able to pick it up */
+    if (provkey == NULL)
+        goto legacy;
+
     locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX : EVP_PKEY_OP_SIGNCTX;
@@ -113,13 +119,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
         goto err;
     }
-    provkey =
-        evp_keymgmt_export_to_provider(locpctx->pkey, locpctx->keymgmt, 0);
-    if (provkey == NULL) {
-        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-        goto err;
-    }
-
     if (type != NULL) {
         ctx->reqdigest = type;
     } else {
@@ -156,6 +155,11 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
         return 0;
  legacy:
+    if (ctx->pctx->pmeth == NULL) {
+        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
     if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
         if (type == NULL) {
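Review bot: The fallback added in the first hunk treats every NULL from evp_keymgmt_export_to_provider() as "this provider cannot take the key", so a hard failure inside the export (an allocation failure, for instance) is now silently retried through the legacy path with whatever the export pushed still sitting on the error queue, where it can be misattributed to the legacy operation. The comment should state that this is deliberate and what it leaves behind, e.g. `/* If export failed, for whatever reason, legacy may be able to pick it up; any error the export raised stays on the error queue */`, or the jump should be bracketed with ERR_set_mark()/ERR_pop_to_mark() so a successful legacy fallback does not surface stale errors. The jump also happens after `locpctx->op.sig.signature = signature;` but before `locpctx->operation` is assigned; if release of op.sig.signature elsewhere keys off `operation`, the provider signature object may not be freed on the fallback path — that code is not visible here, so worth confirming. do_sigver_init() starts before the first hunk and continues past the last one.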